First report in a broader initiative examining AI adoption across cybersecurity services 

[London, UK, 31 March 2026] – CREST has published new research exploring how artificial intelligence is being used in professional penetration testing services across the global cybersecurity industry.  

Artificial intelligence is reshaping how cybersecurity services are developed, delivered and evaluated. As AI becomes embedded in professional security workflows, coordination between technology providers, service providers, buyers and regulators becomes increasingly important. 

Drawing on insights from CREST-accredited organisations across multiple regions, the report provides one of the first structured views of how AI is entering real-world penetration testing workflows. 

The findings show that providers are integrating AI primarily in areas such as reporting, reconnaissance and analysis, while maintaining strong reliance on human expertise for higher-risk stages of testing. 

The research also highlights growing demand for transparency around how AI is used in cybersecurity services, with many providers expecting clients to increasingly request evidence of validation, governance and practitioner oversight. 

Key themes from the report findings: 

• Where AI fits into penetration‑testing workflows today  

• How practitioners are using AI to support analysis and reporting  

• Which parts of a test still rely on human judgement  

• The skills testers say are becoming more important  

• How AI‑assisted findings are reviewed and signed off in practice 

Access the report here

CREST’s role is to provide independent research, professional standards and industry guidance that help the market adopt AI responsibly while maintaining trust in cybersecurity services.  

Sebastian Madden, Chief Product Officer at CREST, comments:

“Artificial intelligence is rapidly becoming embedded in cybersecurity service delivery. Responsible implementation requires these technologies to enhance professional capability without diluting accountability. 

The organisations leading this transition combine deep technical expertise with strong governance, transparency and client trust. CREST will play an important role in helping the industry identify and support these market leaders, while developing the standards and guidance needed for buyers to adopt AI-enabled services with confidence.” 

Part of CREST’s global initiative examining AI adoption across cybersecurity services 

The report forms part of a broader CREST initiative to examine how AI is being adopted across cybersecurity service provision globally. Future research will extend this work across additional disciplines, helping to build a clearer industry picture of how AI is reshaping the cybersecurity services market. 

Through independent research, collaboration with industry experts and the development of standards and guidance, CREST aims to support responsible adoption of AI across the cybersecurity sector. 

ENDS.

Notes to Editors

For Media and Press enquiries, please contact:  

Emma Millard – Head of Marketing & Engagement, CREST International  
Email: [email protected]  
Phone: +44 (0)1234 567 890  

About CREST:  

CREST is a global not-for-profit organisation dedicated to raising standards and building trust in the cybersecurity profession.  

Established in 2006, CREST works with its international community of Member companies and practitioners to promote excellence, integrity and professional development across the cyber ecosystem. Through robust standards, accreditation frameworks and skills pathways, CREST helps organisations buy cybersecurity services with confidence and supports practitioners in developing trusted, globally-recognised careers.  

Working closely with governments, regulators and industry stakeholders, CREST plays an active role in shaping policy, strengthening market confidence and supporting the growth of a resilient, professional cybersecurity sector worldwide.  

For more information, visit  www.crest-approved.org